Microsoft SQL Server 2008 end of life: When's the time to migrate?

Microsoft SQL Server 2008 reached the end of its mainstream support on July 8, 2014. Michael Cobb explains what this means to enterprise security, as well as how -- and when -- organizations should migrate from the software.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

end of life mean from a security perspective? Is it time to migrate, or can the software still be used securely?

Microsoft offers a minimum of 10 years of support for business and developer products such as SQL Server. Mainstream support is provided for either five years or for two years after the successor product is released (whichever is longer). Extended support runs either for the five years following mainstream support or for two years after the second successor product is released (whichever is longer).

Security updates are made available through the end of the extended support phase, but any service packs must be installed to continue receiving support and security updates. For Microsoft SQL Server 2008 Enterprise, the support lifecycle looks like this:

Lifecycle start date: 11/6/2008

Mainstream support end date: 07/08/2014

Extended support end date: 07/09/2019

The main difference between mainstream and extended support is that only bugs relating to security will be fixed during extended support -- non-security bugs will be fixed only for customers who have purchased extended hot-fix agreements within 90 days of mainstream support ending.

While 10 years of support may seem a long time, it shouldn't be used as justification to delay a decision to migrate to a new major release. Despite plenty of warnings, many enterprises were caught off guard by the end of life for Windows XP, postponing transitioning to later releases of Windows based on the supposition "if it ain't broke, don't fix it" -- a dubious premise in IT security. Microsoft's well-publicized lifecycle dates are there to enable organizations to plan and execute migrations carefully and methodically. Planning a transition before the Microsoft SQL Server 2008 end of life -- and before things start to go wrong -- creates a far less stressful move to newer technology.

To plan for the move, legacy applications based on SQL Server 2008 should be rewritten and migrated sooner rather than later as the new code will need extensive testing. SQL Server 2008 databases may well be hosted on older hardware, which will become more prone to failure, increasing the fragility of the databases over time, as well as the risk of unplanned downtime. Other costs and risks associated with using outdated software also grow over time. For example, the lack of mitigation technologies to prevent newly discovered attacks means a greater reliance on other defenses to provide protection. Many software vendors will no longer support their products if they're running on top of expired software. While rewriting database applications, upgrading licenses and purchasing hardware may be costly, data breach fines could be far more expensive.

Microsoft calculates that it takes at least a year for most companies to fully migrate mission-critical software, so there's no need to panic yet. Enterprises should, however, start planning now for a successful upgrade from SQL Server 2008 in order to avoid being forced to react in a panic once the reality of unsupported software has already disrupted operations. Operating system and server specifications required to run new database software need to be agreed upon and ordered, and the new infrastructure must be tested and run alongside the existing setup.

Enterprises are creating and consuming more data than ever before, and upgrading database servers and software could bring cost and performance benefits as they are able to take advantage of newer technologies; it's a comfort for those tasked with planning for the end of SQL Server 2008 support.

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy